Check that SNS topics are encrypted

Metadata

ID: terraform-aws/aws-sns-topic-encryption

Language: Terraform

Severity: Warning

Category: Security

Description

This rule checks that all Simple Notification Service (SNS) topics created in your Terraform configuration are encrypted using a Key Management Service (KMS) key. SNS is a web service that coordinates and manages the delivery of messages to subscribing endpoints or clients. As such, it is crucial to ensure that all messages sent via SNS topics are encrypted to protect sensitive data from unauthorized access.

Encryption is an essential step in securing your AWS SNS topics. Without encryption, any data sent through your SNS topics is vulnerable to interception and unauthorized access. This can lead to data breaches and non-compliance with data protection regulations.

To avoid violating this rule, ensure that you specify a kms_master_key_id for each aws_sns_topic in your Terraform scripts. This key ID should reference a valid AWS KMS key that you have permissions to use. By doing so, you ensure that all messages sent through your SNS topics are encrypted using the specified KMS key. This is a best practice for maintaining the security and integrity of your data.

Non-Compliant Code Examples

resource "aws_sns_topic" "default" {
  name = "example"
}

Compliant Code Examples

resource "aws_sns_topic" "default" {
  name = "example"

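  # Reference the KMS key as an expression, not a quoted string.
  # aws_kms_key.example is assumed to be defined elsewhere in the configuration.
  kms_master_key_id = aws_kms_key.example.arn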
}
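
The same condition can also be checked against a rendered plan. The following is an added example, not part of the rule or of this page: it reads the JSON produced by terraform show -json and lists the aws_sns_topic resources that would exist without a kms_master_key_id. The sample plan and its resource names are constructed for illustration.

```python
import json

def unencrypted_sns_topics(plan: dict) -> list:
    """Return addresses of aws_sns_topic resources planned without a KMS key."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_sns_topic":
            continue
        change = rc.get("change") or {}
        # A topic that is only being destroyed will not exist after apply.
        if change.get("actions") == ["delete"]:
            continue
        after = change.get("after") or {}
        unknown = change.get("after_unknown") or {}
        # A key that references a resource not yet created is "known after
        # apply": the attribute is set, its value is just not resolved yet.
        if unknown.get("kms_master_key_id") is True:
            continue
        # null, missing, or an empty string all mean no key is configured.
        if not after.get("kms_master_key_id"):
            findings.append(rc["address"])
    return findings

# Constructed sample, shaped like the output of `terraform show -json <planfile>`.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_sns_topic.plain", "type": "aws_sns_topic",
   "change": {"actions": ["create"],
              "after": {"name": "plain", "kms_master_key_id": null},
              "after_unknown": {"arn": true}}},
  {"address": "aws_sns_topic.aliased", "type": "aws_sns_topic",
   "change": {"actions": ["create"],
              "after": {"name": "aliased", "kms_master_key_id": "alias/aws/sns"},
              "after_unknown": {"arn": true}}},
  {"address": "module.alerts.aws_sns_topic.cmk", "type": "aws_sns_topic",
   "change": {"actions": ["create"],
              "after": {"name": "cmk"},
              "after_unknown": {"arn": true, "kms_master_key_id": true}}},
  {"address": "aws_sns_topic.retired", "type": "aws_sns_topic",
   "change": {"actions": ["delete"], "after": null, "after_unknown": {}}},
  {"address": "aws_sqs_queue.jobs", "type": "aws_sqs_queue",
   "change": {"actions": ["create"], "after": {"name": "jobs"}, "after_unknown": {}}}
]}
""")

if __name__ == "__main__":
    print(unencrypted_sns_topics(SAMPLE_PLAN))
```
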